Hi, I updated all Javadocs that were in the production tree of the svnpubsub website.
I did not find the place in SVN where the old_versioned_docs are located! Where can I access them? Are they visible from people.apache.org? If yes I would run the patch tool from there: java -jar JavadocUpdaterTool.jar -R <path> Uwe ----- Uwe Schindler H.-H.-Meier-Allee 63, D-28213 Bremen http://www.thetaphi.de eMail: [email protected] > -----Original Message----- > From: Uwe Schindler [mailto:[email protected]] > Sent: Thursday, June 20, 2013 12:00 PM > To: [email protected] > Subject: Fwd: [SECURITY] Frame injection vulnerability in published Javadoc > > Hi all, > > I will later svn checkout all Javadocs on the Lucene/Solr website and run the > patch tool on them. I will not regenerate all web pages, just patch the > javadocs. > It could be large commits, but don't care. > > Uwe > > ----- > Uwe Schindler > H.-H.-Meier-Allee 63, D-28213 Bremen > http://www.thetaphi.de > eMail: [email protected] > > > > -----Original Message----- > > From: Mark Thomas [mailto:[email protected]] > > Sent: Thursday, June 20, 2013 10:29 AM > > To: [email protected] > > Cc: [email protected] > > Subject: [SECURITY] Frame injection vulnerability in published Javadoc > > > > Hi All, > > > > Oracle has announced [1], [2] a frame injection vulnerability in > > Javadoc generated by Java 5, Java 6 and Java 7 before update 22. > > > > The infrastructure team has completed a scan of our current project > > websites and identified over 6000 instances of vulnerable Javadoc > > distributed across most TLPs. The chances are the project(s) you > > contribute to is(are) affected. A list of projects and the number of > > affected Javadoc instances per project is provided at the end of this > > e-mail. > > > > Please take the necessary steps to fix any currently published Javadoc > > and to ensure that any future Javadoc published by your project does > > not contain the vulnerability. The announcement by Oracle includes a > > link to a tool that can be used to fix Javadoc without regeneration. > > > > The infrastructure team is investigating options for preventing the > > publication of vulnerable Javadoc. > > > > The issue is public and may be discussed freely on your project's dev list. > > > > Thanks, > > > > Mark (ASF Infra) > > > > > > > > [1] > > http://www.oracle.com/technetwork/topics/security/javacpujun2013- > > 1899847.html > > [2] http://www.kb.cert.org/vuls/id/225657 > > > > Project Instances > > abdera.apache.org 1 > > accumulo.apache.org 2 > > activemq.apache.org 105 > > any23.apache.org 13 > > archiva.apache.org 4 > > archive.apache.org 13 > > aries.apache.org 7 > > avro.apache.org 23 > > axis.apache.org 5 > > beehive.apache.org 16 > > bval.apache.org 12 > > camel.apache.org 786 > > cayenne.apache.org 4 > > chemistry.apache.org 6 > > click.apache.org 3 > > cocoon.apache.org 6 > > commons.apache.org 34 > > continuum.apache.org 9 > > creadur.apache.org 19 > > crunch.apache.org 4 > > ctakes.apache.org 2 > > curator.apache.org 4 > > cxf.apache.org 6 > > db.apache.org 39 > > directory.apache.org 4 > > empire-db.apache.org 1 > > felix.apache.org 5 > > flume.apache.org 5 > > geronimo.apache.org 241 > > giraph.apache.org 6 > > gora.apache.org 3 > > hadoop.apache.org 21 > > hbase.apache.org 2 > > hive.apache.org 4 > > hivemind.apache.org 10 > > incubator.apache.org 355 > > jackrabbit.apache.org 9 > > jakarta.apache.org 39 > > james.apache.org 53 > > jena.apache.org 5 > > juddi.apache.org 3 > > lenya.apache.org 46 > > logging.apache.org 111 > > lucene.apache.org 713 > > manifoldcf.apache.org 112 > > marmotta.apache.org 1 > > maven.apache.org 1623 > > maventest.apache.org 1178 > > mina.apache.org 2 > > mrunit.apache.org 3 > > myfaces.apache.org 348 > > nutch.apache.org 8 > > oltu.apache.org 11 > > oodt.apache.org 1 > > ooo-site.apache.org 1 > > oozie.apache.org 10 > > openjpa.apache.org 20 > > opennlp.apache.org 9 > > pdfbox.apache.org 1 > > pig.apache.org 7 > > pivot.apache.org 1 > > poi.apache.org 1 > > portals.apache.org 35 > > river.apache.org 2 > > santuario.apache.org 1 > > shale.apache.org 55 > > shiro.apache.org 3 > > sling.apache.org 2 > > sqoop.apache.org 4 > > struts.apache.org 190 > > subversion.apache.org 3 > > synapse.apache.org 1 > > syncope.apache.org 2 > > tapestry.apache.org 6 > > tika.apache.org 9 > > tiles.apache.org 12 > > turbine.apache.org 100 > > tuscany.apache.org 4 > > uima.apache.org 12 > > velocity.apache.org 41 > > whirr.apache.org 2 > > wicket.apache.org 3 > > wink.apache.org 13 > > ws.apache.org 22 > > xalan.apache.org 1 > > xerces.apache.org 5 > > xml.apache.org 1 > > xmlbeans.apache.org 3 > > zookeeper.apache.org 18 > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] For additional > commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
